, 2009, at 11:18 PM, Eran Hammer-Lahav wrote:
Please discuss on the www-talk@w3.org list.
For those who have read previous revisions (thanks!), please note
that except for Appendix B, the rest of the spec was significantly
changed and a fresh read is recommended.
Thanks,
EHL
such assurances.
EHL
-Original Message-
From: a...@adambarth.com [mailto:a...@adambarth.com] On Behalf Of Adam
Barth
Sent: Monday, February 23, 2009 9:57 AM
To: Breno de Medeiros
Cc: Ben Laurie; Mark Nottingham; Eran Hammer-Lahav; www-talk@w3.org
Subject: Re: Origin vs Authority; use
On 2/23/09 11:46 AM, Adam Barth w...@adambarth.com wrote:
Reality is not as binary as you imply. There are a spectrum of threat
models corresponding to different attacker abilities.
Exactly!
And I am already aware of one effort looking to add a trust layer to
host-meta. Your suggestion of
Please discuss on the www-talk@w3.org list.
For those who have read previous revisions (thanks!), please note that except
for Appendix B, the rest of the spec was significantly changed and a fresh read
is recommended.
Thanks,
EHL
-- Forwarded Message
From: internet-dra...@ietf.org
-Original Message-
From: Thomas Roessler [mailto:t...@w3.org]
Sent: Tuesday, February 10, 2009 5:06 PM
BTW, I notice that this draft is silent on the HTTP header syntax's
combining feature for multiple occurences of the same field (last
paragraph of 4.2, RFC 2616); I suspect that
How about clearly identifying the threat in the spec instead of making this a
requirement?
EHL
On 2/11/09 10:14 AM, Adam Barth w...@adambarth.com wrote:
On Tue, Feb 10, 2009 at 11:51 PM, Eran Hammer-Lahav e...@hueniverse.com wrote:
In particular, you should require that
the host-meta file
Your approach is wrong. Host-meta should not be trying to address such security
concerns. Applications making use of it should. There are plenty of
applications where no one care about security. Obviously, crossdomain.xml needs
to be secure, since, well, it is all about that. But copyright
is mailto. HTTP can talk about any URI, not just http URIs.
Since this is about *how* /host-meta is obtained, it should talk about
protocol, not scheme.
EHL
On 2/11/09 10:18 AM, Adam Barth w...@adambarth.com wrote:
On Tue, Feb 10, 2009 at 11:37 PM, Eran Hammer-Lahav e...@hueniverse.com
, this leads to a
race to the bottom where no user agents can be both popular and
secure.
On Wed, Feb 11, 2009 at 11:46 AM, Eran Hammer-Lahav e...@hueniverse.com wrote:
How about clearly identifying the threat in the spec instead of making this
a requirement?
EHL
On 2/11/09 10:14 AM, Adam Barth w
On 2/11/09 12:38 PM, Adam Barth w...@adambarth.com wrote:
On Wed, Feb 11, 2009 at 11:55 AM, Eran Hammer-Lahav e...@hueniverse.com
wrote:
There is nothing incorrect about: GET mailto:j...@example.com HTTP/1.1
I don't know how to get a Web browser to generate such a request, so I
am unable
(not sure how my work email got into this thread... but please replace it with
this one)
From: Mark Nottingham [mailto:m...@yahoo-inc.com]
Sent: Tuesday, February 10, 2009 4:21 PM
On 11/02/2009, at 12:38 AM, Thomas Roessler wrote:
As with HTTP headers, field-names are not case-sensitive,
-Original Message-
From: Mark Nottingham [mailto:m...@yahoo-inc.com]
Sent: Tuesday, February 10, 2009 4:31 PM
My understanding of the discussion's resolution was that this is not a
goal for this spec any more; i.e., if there's any boundary-hopping, it
will be defined by the
On Feb 07, 2009 11:49 AM, Roy T. Fielding field...@gbiv.com wrote:
On Feb 6, 2009, at 10:48 PM, Eran Hammer-Lahav wrote:
A 404 response can have an entity-body, which you defined as
representation of a resource on the server that describes that
error. So a Link header on a 404
In HTTP-based Resource Descriptor Discovery [1], I am trying to define a
uniform way to attach metadata (descriptors) to resources. The idea is to
define three methods for obtaining the location (URI) of the descriptor
document via the resource (URI or representation). All three methods use the
This solves my problem with regard to the Link header.
On Feb 06, 2009 4:41 PM, Roy T. Fielding field...@gbiv.com wrote:
The Link header field defines what it is about: [RFC2068]
The Link entity-header field provides a means for describing a
relationship between two resources,
URI to the HTML document. But it
suffers from the same ambiguity.
The problem, of course, is find a way to define it in an interoperable way.
EHL
-Original Message-
From: Jonathan Rees [mailto:j...@creativecommons.org]
Sent: Saturday, January 31, 2009 8:55 PM
To: Eran Hammer-Lahav
Thanks for the feedback. It is extremely useful. Please note that I have
already published a -01 revision last week which addressed some of these
concerns.
See my comments below.
On 1/29/09 6:56 AM, Jonathan Rees j...@creativecommons.org wrote:
- Please do not say 'resource discovery' as
Thanks Ashok, this is very helpful (and timely). Replies inline.
On 1/12/09 1:31 PM, ashok malhotra ashok.malho...@oracle.com wrote:
The TAG asked me to review the site-meta draft:
http://tools.ietf.org/html/draft-nottingham-site-meta-00
Comments below.
These are my personal comments and
]
Sent: Friday, January 09, 2009 3:45 PM
To: Eran Hammer-Lahav
Cc: www-talk@w3.org
Subject: Re: Discovery spec draft published
Hi Eran,
thanks for putting this together. I might have more comments in the future, but
I wanted to let you know the first hiccup I encountered when reading the
document. I
]
*Sent:* Friday, January 09, 2009 3:45 PM
*To:* Eran Hammer-Lahav
*Cc:* www-talk@w3.org
*Subject:* Re: Discovery spec draft published
Hi Eran,
thanks for putting this together. I might have more comments in the future,
but I wanted to let you know the first hiccup I encountered when reading
-Original Message-
From: Mark Nottingham [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 03, 2008 7:35 PM
So, I see roughly three ways forward here;
1) We can explore expanding the scope of site-meta to be more like
'domain-meta'.
There is nothing in /site-meta (other
(It seems like the mailing list is dropping all my emails sent from my
hueniverse.com account, which means only about 4-5 of you have seen my side
of the conversation for the past few days. I am working to correct this.
This is an attempt to recover some of those lost conversations)
From: Breno
(sorry for potential duplicates, I'm having problems posting to the list)
This issue was brought up by Google.
There are many cases where the HTTP server for example.com resides at
www.example.com. Should /site-meta specify that if a top level domain
returns a 404 for a GET /site-meta, the
23 matches
Mail list logo